﻿using EFFC.Frame.Net.Base.Common;
using EFFC.Frame.Net.Module.Extend.EWRA;
using EFFC.Frame.Net.Module.Extend.EWRA.Constants;
using EFFC.Frame.Net.Module.Extend.EWRA.Logic;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Threading.Tasks;
using ICPFrameLib.Attributes;

namespace XHRPMIS.Business
{
    public class MyFilterLogic: RestInvokeFilterLogic
    {
        protected override bool IsInvoke(string requestRoute, string methodverb, List<RouteInvokeEntity> invokeList, ref RestStatusCode statuscode, ref string errormsg)
        {
            var authfunctions = ComFunc.nvl(TokenPayLoad["Auth_Actions"]);

            foreach(var invoke in invokeList)
            {
                var attr = invoke.InvokeMethod.GetCustomAttribute<ActionAuthAttribute>();
                if (attr != null)
                {
                    if (!attr.IsAuthByFunction(authfunctions.Split(',').ToList()))
                    {
                        statuscode = RestStatusCode.FORBIDDEN;
                        errormsg = "没有访问权限";
                        return false;
                    }
                }
            }
            return true;
        }
    }
}
